[OpenAFS] (webserver security) AFS and Apache Virtual Directory

Russ Allbery rra@stanford.edu
Wed, 23 Nov 2005 14:04:57 -0800

Tim Spriggs <tims@lpl.arizona.edu> writes:

> Of course, this doesn't completely solve the problem, right? As long as
> the webserver can see it and other people can run stuff as the webserver
> (like a quick perl/cgi script)

Right, that's why you don't allow the second one, or if you do, you run
those programs with a different set of credentials than the server using a
hacked suexec.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>